CVE-2022-23056

Published June 22nd, 2022

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.

frappe/erpnext

Free and Open Source Enterprise Resource Planning (ERP)

GitHub

35.5K